Thread: where/how to insert these rules

  1. #1
    Soul-Sing
    Join Date
    Aug 2006
    Beans
    1,374
    Distro
    Ubuntu 13.04 Raring Ringtail

    where/how to insert these rules

    Where/how to insert these rules in an existing iptables script?
    http://ubuntuforums.org/showthread.php?t=1876124

    -A INPUT -m string --algo bm --string "*google.com" -j DROP
    -A INPUT -m string --algo bm --string "*google.inc." -j DROP
    -A INPUT -m string --algo bm --string "*facebook.com" -j DROP
    -A INPUT -m string --algo bm --string "*akamai.net" -j DROP

    main/work string: iptables -A INPUT -m string --algo bm --string "*blocked.com" -j DROP
    Last edited by Soul-Sing; November 9th, 2012 at 12:35 PM.

  2. #2
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    3,506
    Distro
    Ubuntu Development Release

    Re: where/how to insert these rules

    If you don't provide a larger context (i.e. your existing rule set), your question is difficult to answer.
    Also, be aware that use of the iptables string module can be somewhat CPU intensive. (Although I haven't used it for maybe about a decade (back then, one had to re-compile the kernel to use it)).
    It looks as though you are trying to use a wild card in your string match rules. I don't know for sure, but I don't think it works that way.
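
What a literal match means for the rules in post #1, as an added example that is not part of the thread: this Python sketch emulates the byte-for-byte, case-sensitive search the string match performs, run over constructed payloads. The function names and sample packets are assumptions for illustration, and only the payload is searched here, which is a simplification.

```python
# Added illustration: emulates the literal byte search of the iptables
# "string" match on a payload. There is no glob or regex handling.

def dns_qname(name: str) -> bytes:
    """Encode a host name as it appears inside a DNS message:
    length-prefixed labels, no dots, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def string_match(payload: bytes, pattern: str) -> bool:
    """Literal, case-sensitive substring test; '*' is just another byte."""
    return pattern.encode("ascii") in payload

# Constructed sample payloads as an INPUT chain might see them (not captures).
HTTP_REPLY = (b"HTTP/1.1 301 Moved Permanently\r\n"
              b"Location: http://www.google.com/\r\n\r\n")
DNS_REPLY = (b"\x12\x34\x81\x80\x00\x01\x00\x00\x00\x00\x00\x00"  # 12-byte header
             + dns_qname("www.google.com") + b"\x00\x01\x00\x01")  # type A, class IN
ENCRYPTED = bytes(range(256))  # stand-in for TLS application data

SAMPLES = {"http": HTTP_REPLY, "dns": DNS_REPLY, "tls": ENCRYPTED}

def evaluate(pattern: str) -> dict:
    """Per sample payload: would a DROP rule with this --string fire?"""
    return {name: string_match(data, pattern) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for pat in ("*google.com", "google.com", "google"):
        print(f"{pat!r:16} {evaluate(pat)}")
```

The pattern with the leading asterisk fires on none of the samples, the dotted name fires only on cleartext HTTP, and the DNS message is matched only by a single label because the dots are not present on the wire.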

  3. #3
    Soul-Sing
    Join Date
    Aug 2006
    Beans
    1,374
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: where/how to insert these rules

    Quote: Originally Posted by Doug S
    If you don't provide a larger context (i.e. your existing rule set), your question is difficult to answer.
    Also, be aware that use of the iptables string module can be somewhat CPU intensive. (Although I haven't used it for maybe about a decade (back then, one had to re-compile the kernel to use it)).
    It looks as though you are trying to use a wild card in your string match rules. I don't know for sure, but I don't think it works that way.
    Hi,
    I have made another iptables script; I found the insert rules too difficult for now. It does work for now. I'll keep an eye on the logs, and the more "empty" they are, the better.
    Last edited by Soul-Sing; November 9th, 2012 at 09:22 PM.

  4. #4
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    3,506
    Distro
    Ubuntu Development Release

    Re: where/how to insert these rules

    Glad you got it sorted out. If you would be kind enough to report back, I would be very interested to know how the string rules are working for you in your application. I realize it might be several days before you know for sure.
